Comment by lakpan

2 years ago

It’s funny but anyone who’s ever used Gmail’s “Accounts” tab on its options page, has voluntarily given Google their passwords to keep forever.

Now Microsoft wraps their web UI in a “native” app and everybody loses their mind.

It’s hardly unusual for an internet-connected app to be at least partially run in the cloud in 2023. Much less unusual when it’s something related to MS365 and AI (one of the banner features of this new release)

2 comments

lakpan

Reply
MereInterest  2 years ago

False equivalence. In one case, credentials are deliberately given for remote use. In the other case, credentials are expected to be used for a direct connection, but are instead taken for remote use.

One is an explicit delegation, while the other is a man-in-the-middle attack.

  • lakpan  2 years ago

    I don’t think so. Remote or direct is only something we think about. The general user could not care less nor know the difference. Hardly a false equivalence.